Can't SSH from outside LAN.

BobHarris wrote:
ssh questions are best asked in the Mac OS X Technologies -> Unix forum
< http://discussions.apple.com/forum.jspa?forumID=735 >

Make 2 side-by-side tests using "ssh -v -v -v" and compare the results.

ssh -v -v -v -l username 10.1.1.2
ssh -v -v -v -l username 123.123.123.123

The -v -v -v options will cause ssh to spit out a lot of debugging information that might aid in understanding what is going wrong.

Also you might run Applications -> Utilities -> Console, and see if the sshd daemon is reporting any errors when you attempt to connect.

If the logs do not have any entries ssh when you try to connect, then there is a good chance the connection was rejected at the router. If you have ssh log entries, then it is more likely something on your Mac.

Hi guys!

Thanks a lot for your replies, I can't see anything wrong with my router at the moment so I tried adding the verbose options to ssh and I got lots of stuff.

I'm not too sure what information is most relevant so I'm typing in the ones that I figure would be most relevant.

When I use the local lan address (10.1.1.2) I get this at the end of lots of debug info:

debug1: SSH2 MSG_KEX_DH_GEXINIT sent
debug1: expecting SSH2 MSG_KEX_DH_GEX_INITREPLY
debug2: no key of type 0 for host 10.1.1.5
debug2: no key of type 2 for host 10.1.1.5
The authenticity of host '10.1.1.5' (10.1.1.5) can't be established.
RSA key fingerprint 78.e5... bla bla bla...
Are you sure you want to continue connecting (yes/no)?

If I type yes and hit return, I get some more debug messages, basically saying that 10.1.1.5 has been permanently added to the list of known hosts. Next if I try to connect again it will prompt me for my password and I'll log in successfully.

Now, if I try with the external IP address:

debug1: Connecting to 123.123.123.123 port 22.
debug1: Connection established.
debug1: identity file /var/mobile/.ssh/identity type -1
debug1: identity file /var/mobile/.ssh/id_rsa type -1
debug1: identity file /var/mobile/.ssh/id_dsa type -1
ssh exchangeidentification: Connection closed by remote host

So it looks like it's actually connecting (router properly forwarding? Firewall open on port 22?) but then it can't find some sort of identity file!

Any clues?

Dbsneddon, thanks for your reply.

Yes I am doing it from the same network (router), so the source address of my iPhone would be an internal address I'm guessing, not sure what address my macbook thinks my iPhone is trying to connect from...